Beware the All-Knowing App

Do you ever check what permissions the apps you download to your smartphone or tablet require? Just why is it your torch app needs access to your contact lists and location? Or why your calendar needs to access your phone records?

Do you ever check what permissions the apps you download to your smartphone or tablet require? Just why is it your torch app needs access to your contact lists and location? Or why your calendar needs to access your phone records?

Never thought about it? Well you are probably not alone.

Most people simply accept the permissions apps ask for without even looking to see what they are or think about why that app might need that permission. Much like the terms and conditions on most online retail sites, we just click 'OK' without even reading what it says. So we end up with numerous apps on our smartphones with permissions to do just about anything with our phone habits without any further approvals needed.

Of course just because an app asks for permission to access your microphone or something else doesn't automatically mean it is bad, or doing something wrong, but we as responsible and security aware individuals need to start paying attention to the permissions being requested by the apps and if they seem unnecessary - don't install the app or uninstall it if you have already done so.

The good news is that there are usually lots of options, so before you click install - check what permissions that particular app asks for and if they seem unnecessary, don't install and look for another version you will probably find in the app store.

While mobile security threats are not yet a major problem compared to 'normal' PC threats, we cannot take this for granted as we know that the professional cybercriminals chase the money and when the scale and opportunity to exploit the mobile platform makes sense, this is what they will do.

In the meantime we must be more careful about how we utilise our smartphones and especially what apps we allow onto our devises.

Like everything education and awareness is critical to lessen the risk and lower the chance we fall foul of the hackers. So here are some steps to take:

Always use a reputable app store - there are many alternatives out there but stick to the main provides like iTunes and Google Play

Read the comments in the store about the app before you install to understand better how it works and any reported issues with it

Check the app rating. While ratings can be manipulated, they remain a good measure of how good an app is so it helps you to build up a picture of any concerns or potential issues.

Check the permissions the app requires and try to work out why it needs a particular permission to do its job.

If it doesn't feel right or you are unsure DON'T INSTALL!

And also remember that updating an app is exactly the same as installing a fresh app so make sure you go through all the steps above before you click update.

We know people are the soft-underbelly of any organisation and unfortunately we will never entirely prevent people clicking on links unnecessarily and accidentally allow hackers to access our corporate machines and networks. But through education and awareness we can try to limit their ability to compromise network security and it is important we all do our best to mitigate the risk and act responsibly and that includes downloading apps. But equally we have to expect the compromise to still happen, and to have the ability to spot malicious activities happening quickly and deal with it equally quickly to mitigate the risk of serious data loss and compromise.